persona-researcher
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources such as Google Drive folders and Gmail messages. Ingestion points: Reading research papers and notes via Google Drive and peer review requests in Gmail. Boundary markers: Absent; there are no explicit delimiters to isolate external content from the agent's instructions. Capability inventory: The skill utilizes capabilities with significant impact, including writing to Google Docs, appending data to Sheets, and sending emails through Gmail. Sanitization: The skill instructions do not specify any validation or sanitization for the ingested external content.
Audit Metadata